For the past four years at Work-Bench, we’ve been investing in a total reimagining of the enterprise technology stack.

We’re in the midst of a once in a decade tectonic shift of infrastructure that powers the Fortune 1000 and is unlike
anything we’ve seen before. Whereas consumer tech has the Mary Meeker Internet Trends report for an aggregate
view of industry trends, enterprise technology was missing a comprehensive overview of the key trends - so we’re
launching the Enterprise Almanac to share our thinking on the trends reshaping enterprise technology.

Our primary aim is to help founders see the forest from the trees. For Fortune 1000 executives and other players in
the ecosystem, it will help cut through the noise and marketing hype to see what really matters. It’s wishful thinking,
but we also hope new talent gets excited about enterprise after reading this report. By no means will most of the
predictions be correct, but our purpose is to start the discussion by putting this stake in the ground.

Please share any and all feedback via email at michael@work-bench.com or on Twitter at @ItsYamnitsky.

Our Thesis
Customer-centricity. We make it our focus to deeply understand the business and IT needs of the
Fortune 1000 in order to make more informed decisions in our search for the next enterprise giants.
This is highly informed by our backgrounds in corporate IT at leading Wall Street banks and as Industry
Analysts which is unique in the venture business.

Our Model
Our model flows directly from our thesis. We leverage our deep corporate network in New York City and
beyond as a way to identify trends, pick the winners, and secure customers for our portfolio companies.

Our views are shaped by anecdotal evidence based on our interactions with entrepreneurs, corporate
customers, and big tech leaders. Take that for what it’s worth. We’ve done our best to separate fact from
opinion by highlighting opinionated perspectives in blue.

You’ll notice many qualitative details, but a dearth of data in this report. The trends we discuss are indeed
early – they can’t be rigorously quantified in customer surveys ran by Forrester and Gartner, nor can they be
segmented out of spending figures by IDC. CBInsights and Pitchbook provide valuable fundraising data,
but since history has shown there’s a disequilibrium between market potential and fundraising in early
market crests, we’ve decided to keep funding figures to a minimum. Our intent was to avoid cherry picking
funding data to serve our purpose and make unfair claims of causality.

The core tenants of these powerful companies (speed, scale, standards) led them to expose their internal capabilities to global
companies around the world and evolve into “megaclouds” dominating growth in the enterprise IT market

Large tech companies are ending their
talent shopping spree, leaving many AI
startups with inflated valuations and no real
business in the dust. Salesforce is already
showing signs it’s getting over acqui-hires as it
pivots to internally developing Einstein after
gobbling up startups in 2015 and 2016.

Too many competitive Series A & B deals in AI
that have come across our desks at Work-
Bench over the past year have had valuations
in the high double digits, with many even
$100M+. This can’t last long.

Systems of Intelligence are highly focused analytical systems intended to solve business challenges and
objectives (i.e. increase revenue and customer experience, improve operations, reduce risk)
Value created by:
• Designing products from data
capabilities up to user experience
and not the other way around
• Software UI as invisible as possible >
fancy GUIs. Name of the game is
making the workflow as seamless as
possible.
Value created by:
• Embedding domain experts into the
debugging and hyper-parameter
tuning process
• Incorporating feedback from human
experts into the system of record (SOR)

ID the killer app, ride on top of Implement with pilot customer, facilitate niche search
Strategy and user exploration in app to train the AI, ID MVP
Strategy established data set, create a data that can scale with respect to customer
label moat to protect against new
entrants implementation and sell that before expanding scope

Value prop Eliminate headcount, make those remaining more
Value prop Automate a business ‘task’
efficient

Prediction: By 2018 at least one breakthrough invisible app will
Buyer persona grow faster than the early days of Slack or Salesforce

Employee
•Impact: Dominant force disrupting the workforce over the
next five years because of deadly combination of task
automation + wide reach, ease of deployment of
consumerized SaaS Invisible apps
•Key distinction: end-to-end automation of a business task
so the value proposition is cost reduction. Otherwise
merits of AI = more efficient UX and it’s just a productivity
play like any other SaaS app.
•GTM differentiation: Shorter AI training periods leveraging
structure and rich semantics of biz app data. Busy execs,
consultants and sales people will purchase and expense
access to invisible apps in true consumerized fashion.
Examples of invisible apps:
*

Note: there is some “human-in-the-loop” in that the user’s interactivity Deals with routine discrepancies
with the software drives model refinement, but the onus is not on the
customer to explicitly “train” the AI like in many cases of vertical AI

Does it automate a task end-to-end with a Does it significantly augment humans?
high degree of accuracy?
Is the UX intuitive and enjoyable to use?
Is it easy for employees to use?

Does the AI require the customer’s
This is arguably the trickiest part to intervention? Who? Data scientists?
building vertical AI and thus where Business analysts?
startups should differentiate
What level of abstraction from the guts of
the system will the UX need?

Deep Learning and more exotic forms of AI are great in theory, but difficult to implement in practice due to the intensive parameter tuning and amount
of data required to train an algorithm…
New trend: make AI methods that require less data more accessible by adding representation schemes from “traditional” ML.

Competitive forces will be in flux as the AI landscape continues to develop at rapid speed.
Here is where things currently stand and directionally where they are going:

Data moat? Algorithmic differentiation? Data product differentiation?

Weaker: still a significant barrier, but Weaker: tough to sustain with open Stronger: The key value driver
it’s faster to develop and thus harder source, but there is some value in moving forward is developing
to sustain a data moat. novel training, profiling, debugging, products bottoms up, from data
and testing processes. and analytical capabilities to
features and user experience, and
creating a virtuous loop between
the two.
Locus of focus shifting from the
quantity you own to the process Example: Merlon intelligence
you use to sustain these assets* designs its automated compliance
workflow software to BOTH shorten
insights to action and gather
Direction = whether this factor will be more or less significant 12-24 months from now feedback from users as new data
*For more on this topic, see Matt Turck’s “The Power of Data Network Effects” that feeds into the models.

YES NO
Collaboration With deflationary pressure from open source, we expect
*
MLaaS or “Twilio for AI” vendors with differentiated IP and
talented teams will try to pivot towards ‘Github for AI’, but
Modeling tools and platforms will most likely get acqui-hired or resort to selling their data
sets to sustain their business.

Container are simply a better unit of deployment for the cloud than VMs

Containers are lighter — 10’s-100’s of MBs vs. multiple GBs, just the right size for component based microservices

Containers are faster — they can be spun up and down in seconds vs. minutes to realize the true agility, resilience,
and portability of cloud computing

Containers are more efficient — you can fit 4-8 times as many app components (or microservices) on a bare metal
container server than you can on a VM because of the way containers share OS resources to free up space

Developer crave for speed and simplicity combined with 4-8X potential server efficiency gains across $726B in global IT
infrastructure spend more than justifies the new economy of container-centric IT infrastructure dubbed “cloud native”

The cloud native organizational disconnect = ops getting the short end of the stick

Devs Tech leadership to ops Ops
“We’re going to be placing you on a special
“Why the f&ck don’t we use projects team to migrate all of our workloads “…”
Kubernetes?” over to Kubernetes… After that, we’re going
to have to let you go.”

Container orchestration tools are the data center operating systems of the future. They automate container deployments by
spinning up and managing deployment of containers in production applications to fully realize the agility, resiliency, and
portability benefits of containers.

Major OSS container orchestrators

À la carte option for running micro Most mature solution for scale out apps Best bet for greenfield apps
services on existing infrastructure • More mature project than Kubernetes and Nomad • Largest open source initiative by Google
• Individual open source projects for service scheduling, • Integrates well with existing Hadoop stack • Fully featured orchestrator for enterprise apps
discovery, and secrets management that together are • Not so self-service: bring your own service discovery, • Several commercial vendors in ecosystem as with
competitive to Kubernetes highly skilled operators, and maintenance staff Hadoop
• Existing companies with legacy inertia use Nomad for • Major Partners: Microsoft, HP • Major Partners: Google, Rackspace, RedHat, Intel,
service discover and secrets management CoreOS, Oracle
• Managed by Hashicorp

#1. Maximizes ease of use as the industry’s
most fully-featured orchestrator

#2. Vibrant open source community

#3. Like with Hadoop, lack of vendor
dominance encourages the community to
freely innovate on OSS foundation

#4. Technically sophisticated stack built from
Kubernetes-first OSS projects emerging
the ground up with the right level of
abstractions for users to build and deploy “Istio currently only supports the Kubernetes platform,
although we plan support for additional platforms such
applications using containers
as Cloud Foundry, and Mesos in the near future.”

Cloud native needs databases that can keep up. Problem = databases are sluggish beasts that never quite benefitted from the
pace of innovation the rest of the industry enjoyed.

Former Google VP of Infrastructure Eric Brewer summarized the engineering challenges of developing database infrastructure
with the CAP Theorem: you can only achieve two of the following guarantees for your database: 1) transactional integrity,
2) availability, 3) and scalability.

Service meshes are lightweight network proxies governing service-to-service communications for tasks such as service
discovery, load balancing, and monitoring in highly complex distributed systems

Service discovery is the new IP
gRPC and REST are the new TCP/IP
address and DNS Service meshes use new protocols developed for communications at the service level rather
New system of dynamically routing services to manage latency in large scale than underlying network
distributed systems

•Already considered • New streaming • New streaming • One stop shop for • Streaming and • Tied closely with
“legacy” in Silicon library on popular library developed at batch, streaming, batch in one YARN architecture
Valley with Spark distributed log with Twitter with promise and ML that plays system incurs • Latency issues as
demonstrating mid-2016 release of better scalability well with Hadoop latency a multi-purpose
considerably more • Unproven scalability/ and manageability • “Near” real-time • Limited system
more horsepower stability, support for than Storm streaming is good production use
• Doesn’t work out of cloud-native • Architecture enough but not great cases and
the box at scale and schedulers supports cloud- with respect to scale, unclear
frustrating to set up native schedulers throughput, and development
and manage and Storm migration latency path

Data and app stacks have been separate until now… Container orchestrators like Kubernetes and
Mesos distribute data workloads better than Hadoop’s Yarn. Spark, Kafka, Herron and other new
school stream processing engines all integrate directly with container orchestrators.

Megaclouds ate Hadoop’s lunch
•Megaclouds use the Hadoop distribution in their cloud services,
but by unbundling the underlying file system (HDFS) from the
cluster manager (YARN) and making these components inter-
changible with alternatives, Hadoop is losing it’s position as a
central nervous system for the data stack.

Markets demands moving to machine learning,
where Hadoop has no shine
•Spark > ML for Hadoop, and with cloud-based
object store, you don’t need Hadoop for Spark.
•ML is best run on highly specialized chips
like Google’s TPUs and NVIDIA’s DGX-1 rather
than the commodity hardware Hadoop was
developed for.

Amazon sees Lambda as another form of lock-in. Google wants to make functions more
It wouldn’t be trivial for Amazon to change their posture extensible to promote multi-clouds and
because architecturally, functions are tied to AWS public combat Amazon’s lock-in grip. They
cloud and it would take extensive work with partner hope to commoditize AWS by lowering
VMware to extend functions into private cloud. switching costs with serverless.

The security ecosystem is re-organizing itself into Systems of Intelligence (SOI). Systems of record (SORs)
1
must become SOIs or risk being relegated to “plumbing.”

SecDevOps blurs the lines between networking and application security as the race for cloud-native
2
security products intensifies.

Beyond the 1%: SOIs as consumable microservices will bring advanced security technology to the 99% of
3
companies who previously couldn’t afford.

In the sweeping wave of industry consolidation, legacy security companies will buy up security analytics
4
and Security Operations, Analytics, and Reporting (SOAR) companies in yet another bout to stay relevant.

Primary value driver**
With new security tool overload and highly understaffed sec orgs,
how do you make workflows more seamless? How do you foster
collaboration amongst security teams? Can you use automation?
Data-driven
product design

…and have a little bit of this

How do you make sense of and take action based on the wealth of new
Domain
information generated by modern security systems? AI
expertise
SORs are getting here…

How do you get the most comprehensive observability of IT systems Data
in the most seamless fashion?
*

**Note: each value driver is sized based on its ability to create sustainable competitive advantage.
Original framework source: Jerry Chen (Greylock Partners) “The New Moats” * Work-Bench portfolio company

• Long term sustainable competitive advantage.
With superior performance characteristics and a
growing treasure trove of data, you can evolve with
the rapidly changing industry pace, much like the
ancient force trumps the latest imperial weapon. It’s
difficult to stay competitive with a single-product
strategy because hackers will eventually figure out
workarounds, rendering your product obsolete.
FireEye’s uncertain future is a case in point.

• Cost-reduction value proposition. Platforms are
stickier than products. The comprehensiveness of
your platform allow customers to rip-and-replace
their old tools in a cost reduction play.

TL;DR: Network and app layer are looking to achieve the same goal of bringing X-Ray vision of apps to
security. Culture + technology factor into this shift. In startup race, network/host layer leaders have first
mover advantage over new entrants to gain X-ray vision up the stack.

*
Security analytics
Chicken and egg problem:
Do we acquire one of
how do we partner to get
these guys?
the SOR data?

*

**SOAR: new term dubbed by Gartner for “Security Operations, Analysis and Reporting” technologies that support workflow management.
Note: these categories are not mutually exclusive in that several Systems of Record vendors have Systems of Intelligence capabilities and vice versa.
Original framework source: Jerry Chen (Greylock Partners) “The New Moats” * Work-Bench portfolio company

Security analytics work across Systems of Record (SORs) to make sense of all the data. With SORs
developing security analytics capabilities themselves, they must prove out the value of generating
insights across SORs if they are to endure as independent vendors.

Example: Versive partners across the SORs to build a “deep
and wide” data moat in security analytics

*
Acquired by HP
Acquired by Oracle

*

*

Flexibility to pull
Deeply instrumented Best visibility into mission
data from end user
in the data center critical workloads
devices selectively

Security Operations, Analytics, and Reporting (SOAR) tools automatically run playbooks for common security
workflows, freeing up limited analyst bandwidth to handle the more niche cases. It’s still to be decided whether
they meaningfully penetrate the enterprise market directly or power the next generation of managed
security service providers as CISOs increasingly outsource analyst work.

SOR landscape getting complicated and competitive. New SOIs are coming in. SORs
must move “up the stack” and embrace new operating models that commoditize their
very crown jewels.
Step 1: commoditize SORs into
backend “data feeds”

Step 2: de-couple analytics and
Step 3: develop an application
policy control capabilities into a
platform for SOEs to build on top
marketplace of “callable” security
of the SOIs. Splunk’s Splunkbase is
function modules that leverage a
an early illustration of this concept.
broad swathe of SOR data.

•Legacy security companies need to shift from peripheral to disruptive
acquisitions. Ex. CASB acquisitions from 2016 do not place incumbents directly
into the heart of the cloud, but buying a System of Record platform startup will.

•Most likely outcome this year and and next is legacy security companies buy
Security Operations, Analytics, and Reporting (SOAR) startups to put
themselves closer, but not fully embedded in the cloud IT stack.

•Paradox of legacy companies and PE firms buying and integrating security
products is that it only brightens the spotlight on independent SOAR and
security analytics vendors who differentiate by casting a wider net than
any multi-product suite.

•Democratization of machine learning may swing the pendulum in favor of SIEM
vendors who can build an intelligence moat around their legacy SORs.

Industrials are building IoT platforms — highly specialized PaaS with modules for industrial processes
such as asset productivity, operations scheduling, maintenance, and product delivery for their clients

Megaclouds will scale your application
… but have no idea how to bring software over here…
up, down, and side-ways…

The Palantir of Industrial IoT Developing portfolio of IoT software Strongest in distributed computing with
• Services company helping industrials like • Differentiating with distributed analytics capabilities Greengrass and Lambda
John Deere develop their own systems of and blockchain for P2P transactions. • Greengrass adds a smart app server to IoT
intelligence for IoT • Bought Tririga for facilities management applications gateways to enable distributed computing
• Amazon’s Lambda functions govern business logic
and manage device state across distributed systems

Parlaying Azure portfolio towards IoT Strong player for remote, low-bandwidth scenarios Analytics chops and industrial customer base
• Microsoft combined an IoT device relying on cellular connections • Streaming analytics capabilities via SAP HANA
management platform with its robust portfolio • With Jasper Technologies acquisition, strongest • Developing modules for predictive maintenance and
of streaming analytics, and easy-to-use machine network of telcos to better manage cellular data fees asset management
learning services to develop IoT software for in remote locations • It has one of the strongest industrial customer bases
predictive maintenance and remote monitoring • Acquisition of ParStream is a catalyst for Cisco to in the tech sphere with its ERP heritage, but with a
• Recently announced edge analytics for develop edge analytics capabilities needed for very different type of buyer it is not clear this will give
distributing analytics processing across devices, remote area IoT them an advantage in IoT
gateways, and the cloud

Cisco’s Parstream allows for Amazon’s Greengrass sends functions Vapor.io retrofits cell towers with
efficient, spoke-hub distribution with complex event processing rules mini data centers for local data
of sensor data at IoT gateways for data filtration and synchronization of preprocessing that may be too
digital shadows for managing asset resource intensive for endpoints and
state across low network environments too time sensitive or prohibitively
expensive to send to the cloud

Large wireless data fees to send
to cloud. Worth the cost? Only if
useful for historical analysis.

Amazon AWS
Analytics at the edge to make Greengrass
instantaneous decisions. Speed is mission
critical in the case of brake failure detection
on a speeding train, where symptoms show
up in data just minutes before a disaster. Utilize gateways when you
can to save on device
battery power drain.

•Distributed analytics architectures instrument deeply into endpoints in the gateway, Example startups
and thus will be the providing data to security solutions focused on device anomaly
detection and distributed policy-based prevention.

•Traditional security vendors talk a big game about IoT but they are going to struggle
to get into the industrial space because operators aren’t going to want to instrument
connected assets 10 ways like IT does in the data center.

•Because of this dynamic, distributed analytics vendors have an opportunity to
become security vendors themselves. Armis
• Outside of endpoint and network security, the radio frequency spectrum is a new
topology that the most discerning government agencies and financial institutions
will protect against external IoT “intruders.”

Industrials connecting asset in their supply chain must do the same for software shipped with these assets.
Much like with the rise of systems management software (Tivoli, BMC) in the 90s to help IT more efficiently manage and get value
out of disparate appliances in the data center, a management layer to integrate disparate IoT software stacks will likely emerge.

TL;DR: IoT software startups should focus on use cases in which the underlying
physical assets are already IoT-enabled.

• Vertical AI software is highly specialized, and creating a full stack solution tuned to a
particular use case often means developing proprietary hardware to obtain data from
older, non-IoT enabled physical assets.

• Besides the operational challenge for a startup to set up hardware manufacturing, many
startups we meet are incurring heavier losses than typical vertical SaaS companies at the
same stage because they absorb the hardware cost and just sell the software.

• These startups intend to convince OEMs to manufacture the devices on their behalf. We
believe this wishful thinking because OEMs will not be able to extract enough value from
hardware purpose-built to serve even the largest of vertical application markets.

Google, Microsoft, and Amazon want to enforce vendor lock-in … But enterprises need flexibility to move ML workloads to
by developing one-click ML deployment services on their where the data is and not vice versa as megaclouds hope.
functional backends…
Why? Because machine learning and data need to sit together,
often on the same GPU server, and sensitive customer records
can’t just instantaneously be moved to the cloud for a data
science project.

Systems of Intelligence have a chicken and egg problem: Customers want proof the power of automation can
help their business and startups need the data to train the system so it can actually deliver on that promise.

• The DVR player: Lightweight version of the product that takes historical data from a customer and delivers
insights in retrospect. This approach provides the necessary training data and proof points to convince the
customer to deploy the solution for real-time analysis.

• Vertical AI masquerading as invisible software: Although example in the market are less obvious today, some
enterprise chatbot startups take this approach where they sell automation bots bottoms up to employees with the
intention of using the data the bots integrate with to gathering insights into how businesses operate. This can be
used to build a system of intelligence for optimizing business functions and operations to be sold more formally to
senior management as a next evolution of the company.

• Single pane of glass: A prevalent approach is to integrate disparate data and provide unified visibility across
databases. In this respect, the thin edge strategy is data middleware, with applications that enable business
process transformation upsold on top of this core functionality.

Why this matters:
More license revenue = less deferred
•SaaS vendors are making enterprises run back to licenses.
SaaS SOR vendors are becoming mighty and taking advantage revenue = higher capital
of it — using aggressive tactics to expand dollar share within
existing accounts, often by shoving excessive features and requirements
extensive contract terms down customers’ throats
•Enterprises are push back by opting for licenses to run in
their own virtual private cloud… which may ruin things for the
rest of the industry should the trend continue to persist.

150 40%
100 20%
50
0%
0 Year 1 Year 2 Year 3 Year 4 Year 5 Year 6 Year 7 Year 8 Year 9 Year 10 Year 11
Year 1 Year 2 Year 3 Year 4 Year 5 Year 6 Year 7 Year 8 Year 9 Year 10 Year 11

Annual subscription 3-year license Subscription-based License-based

Most enterprise infrastructure startups Long protracted path to get out of
make the mistake of not undercutting ‘licenses in the cloud’ rut, discounting
This leads to ‘licenses in the cloud.’
SaaS prices right away, and only do so SaaS prices helps.
after customers start opting for licenses.